[openssl-dev] SSL transfer connection (SSL_dup, SSL_up_ref, SSL_free)

Alex Hultman alexhultman at gmail.com
Sat Apr 23 05:26:53 UTC 2016


Hi,

I'm having trouble "duping" an SSL connection. I have an SSL *pointer that
is going to be SSL_free'd, so I need to clone it or up the ref count or
somehow make it stay alive. I see that in OpenSSL 1.1.0 it seems you added
the SSL_up_ref - is there any equivalent functionality in 1.0.2? I also see
that the documentation of SSL_dup has changed in 1.1.0 to a much more
strict one (one that does not suit my needs).

What I'm basically in need of is some way of cloning the connection just
like UNIX dup can duplicate a file descriptor so that a new server can use
the dup'ed fd while the original server can go ahead and close the original
fd without destroying the underlying connection. I need the equivalent in
OpenSSL. I tried this:

(0. Have some other HTTPS server accept & establish the SSL pointer)

1. get the SSL pointer, SSL_dup it
2. get the fd, UNIX dup it
3. SSL_set_fd on the duped SSL pointer to the duped fd
4. SSL_write & SSL_shutdown for demo

This gives me SSL_ERROR_BAD_MAC_READ errors on the client. If I skip
SSL_dup it works, and I can SSL_write a message that shows up in the
client. But like I mentioned, the original server is going to SSL_free the
SSL pointer I use, so I need to clone it somehow.

I would be thankful for any clarifications on this. I've been skimming
through the docs for 2 days now and it seems very ambiguous.